I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.

Please check the box if you want to proceed.

I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.

Please check the box if you want to proceed.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

Docker images. Microsoft Azure has jumped on the bandwagon with Azure Container Registry.

Azure provides many options to run containers in the cloud. The Azure Container Service, for example, enables you to scale and orchestrate containers across a fleet of managed VMs with Kubernetes, DC/OS or Docker Swarm. Azure Service Fabric provides a platform to build microservices powered by containers. Even the Azure App Service can host and run containers.

All of these services make it easier for teams to run containers on Azure, but there's another core dependency. Containers are based on images, and those images need a place to live. Azure Container Registry, a cloud-based repository built on the open source Docker Registry 2.0, gives Azure users a place to store container images inside a private registry close to their deployments.

Other key features of Azure Container Registry

When a container host needs to spin up a container, and the image doesn't exist locally, it pulls it from a container registry. Unfortunately, this pull operation can create network latency.

If you run Docker containers in Azure, you can reduce this latency, since the Azure Container Registry uses Azure storage under the hood.Provision your entire container infrastructure in the same Azure region to ensure your image repositories are in the same data center as the container hosts.

In addition to registry-specific admin accounts, the Azure Container Registry supports Azure Active Directory (AD) authentication. Teams can set up an Azure AD service principal to use with the docker login command to push and pull images to the registry. A service principal is essentially an Azure AD application that can access a service based on the explicit permissions that Azure admins define. As different team members come and go, you won't have to change individual administrator permissions.

Start using Azure Container Registry

In the Azure Portal, click on + New and search the marketplace for Azure Container Registry.

As you can see in Figure 2, you need to provide a globally unique registry name. Select a subscription and resource group. As shown in Figure 2, you can enable an admin to create a registry-specific admin account, which is required if you do not want to set up an Azure AD service principal.

You can also create a managed registry. This feature is currently in preview, and it's similar to the managed disks feature for VMs. If you enable a managed registry, you do not have to create and maintain the Azure storage account where your images live.

Finally, the pricing tier determines the available storage capacity and costs. The standard offering provides 100 GB of available storage, along with a daily cost that varies per region. In this example, the standard tier would run $0.334 per day in the West Central U.S. region.

How to work with Azure Container Registry

Once you provision the Azure Container Registry, use the docker login command to authenticate and to push and pull container images. For this example, we'll use a registry-specific admin account instead of an Azure AD service principal.

To find the admin user details, go to your resource group and click on the Azure Container Registry instance. Under settings, click on access keys. You'll see a screen like the one in Figure 3.

Figure 3 -- Review the Azure Container Registry access details.

In this example, the username is SearchCloudComputing. The system generates two passwords that you can change if you click on the regenerate button just to the right of the password. Also, note the Login server. The host portion of the fully qualified domain name is the name of your Azure Container Registry instance.

First, as an example, run the following command using the Docker client:

Join the conversation

1 comment

Register

I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.

Please check the box if you want to proceed.

I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.